facebook pixal

Wendy’s agrees to pay $50M to settle data breach claims

The company is paying a group of financial institutions over negligence claims following a 2015 cyberattack.
Photograph courtesy of The Wendy's Co.

The Wendy’s Co. on Wednesday said it has agreed to pay $50 million to a group of financial institutions to settle claims following a data-card breach that hit the chain in 2015 and 2016.

The payment would include attorneys’ fees and costs. Wendy’s said it would end up paying $27.5 million itself after it exhausts insurance. The settlement is pending court approval.

Wendy’s CEO Todd Penegor said in a statement that the settlement “is in the best interests of Wendy’s and its shareholders.”

He said that the company has now reached agreements to resolve all the legal issues that arose in the aftermath of the attacks, which exposed the credit card information of customers at more than 1,000 Wendy’s locations in 2015 and 2016. Wendy’s later confirmed that criminals had installed malware on the restaurants’ point-of-sale systems.

The company had previously settled a class action lawsuit last September from customers affected by the data breach.

Some 26 financial institutions sued the chain as well, arguing that the company was negligent in the breach. They were seeking to recover costs related to the reissuing of credit cards following the breach.

Members help make our journalism possible. Become a Restaurant Business member today and unlock exclusive benefits, including unlimited access to all of our content. Sign up here.


More from our partners